From 51d93978794d2c3cae56d649ad8b6e4493432c10 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 12 Dec 2011 20:44:40 +0000
Subject: windows ccapi: use a random challenge to authenticate ccapiserver

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>

ticket: 7050

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25542 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/ccapi/lib/win/OldCC/client.cxx | 40 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

(limited to 'src/ccapi/lib/win/OldCC/client.cxx')

diff --git a/src/ccapi/lib/win/OldCC/client.cxx b/src/ccapi/lib/win/OldCC/client.cxx
index 5b82b6587..5a34d38cc 100644
--- a/src/ccapi/lib/win/OldCC/client.cxx
+++ b/src/ccapi/lib/win/OldCC/client.cxx
@@ -237,11 +237,41 @@ DWORD find_server(Init::InitInfo& info, LPSTR endpoint) {
 
 }
 
+static
+DWORD
+make_random_challenge(DWORD *challenge_out) {
+    HCRYPTPROV provider;
+    DWORD status = 0;
+    *challenge_out = 0;
+    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+                             CRYPT_VERIFYCONTEXT)) {
+        status = GetLastError();
+        cci_check_error(status);
+        return status;
+        }
+    if (!CryptGenRandom(provider, sizeof(*challenge_out),
+                        (BYTE *)challenge_out)) {
+        status = GetLastError();
+        cci_check_error(status);
+        return status;
+        }
+    if (!CryptReleaseContext(provider, 0)) {
+        /*
+         * Note: even though CryptReleaseContext() failed, we don't really
+         * care since a) we've already successfully obtained our challenge
+         * anyway and b) at least one of the potential errors, "ERROR_BUSY"
+         * does not really seem to be an error at all.  So GetLastError() is
+         * logged for informational purposes only and should not be returned.
+         */
+        cci_check_error(GetLastError());
+        }
+    return status;
+}
+
 static
 DWORD
 authenticate_server(Init::InitInfo& info) {
-    DWORD               challenge       = 17; // XXX - maybe use random number
-    DWORD               desired_response= challenge + 1;
+    DWORD               challenge, desired_response;
     HANDLE              hMap            = 0;
     LPSTR               mem_name        = 0;
     PDWORD              pvalue          = 0;
@@ -254,6 +284,12 @@ authenticate_server(Init::InitInfo& info) {
     status = alloc_name(&mem_name, "auth", isNT());
     cci_check_error(status);
 
+    if (!status) {
+        status = make_random_challenge(&challenge);
+        desired_response = challenge + 1;
+        cci_check_error(status);
+        }
+
     if (!status) {
         if (isNT()) {
             sa.nLength = sizeof(sa);
-- 
cgit